Abstract
Software patching is routinely employed for enterprise online applications to guard against ever-increasing security risks and to keep up with customer requirements. However, in a hybrid cloud setting, where an application deployment can span across diverse cloud environments, patching becomes challenging, especially since application components may be deployed as containers or VMs or bare-metal machines. Further, application tiers may have dependencies, which need to be respected. Worse, to minimize application downtime, selected patches need to be applied in a finite time period. This paper presents an automated patching strategy for hybrid-cloud—deployed applications that leverages a greedy algorithm design to optimally patch applications. Our implementation and evaluation results highlight the efficacy of our strategy and its superiority over alternative patching strategies.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
BigFix. https://www.ibm.com/security/endpoint-security/bigfix
How to shut the window of (unpatched) opportunity. https://www.welivesecurity.com/2018/04/19/patching-shut-window-unpatched
IBM Vulnerability Advisor. https://github.com/IBM-Bluemix-Docs/va
Jmeter. https://jmeter.apache.org
Stock-trader application. https://github.com/IBMStockTrader
Time’s up for the Ticker? Facebook appears to axe feed for tracking your friends’ activity. https://techcrunch.com/2017/12/10/times-up-for-facebook-ticker/
Weavescope. https://github.com/weaveworks/scope
Hopmann, A., et al.: High availability of machines during patching
Wang, C., et al.: VScope: middleware for troubleshooting time-sensitive data center applications. In: Narasimhan, P., Triantafillou, P. (eds.) Middleware 2012. LNCS, vol. 7662, pp. 121–141. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-35170-9_7
Dake, S.C.: Containerized upgrade in operating system level virtualization
Kloeckner, K., et al.: Building a cognitive platform for the managed it services lifecycle. IBM J. Res. Dev. 62(1), 8–11 (2018)
Plummer, S., Warden, D.: Puppet: introduction, implementation & the inevitable refactoring. In: Proceedings of the 2016 ACM SIGUCCS Annual Conference (2016)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Hafeez, U.U., Karve, A., Dumba, B., Gandhi, A., Zeng, S. (2019). Towards Automated Patch Management in a Hybrid Cloud. In: Yangui, S., Bouassida Rodriguez, I., Drira, K., Tari, Z. (eds) Service-Oriented Computing. ICSOC 2019. Lecture Notes in Computer Science(), vol 11895. Springer, Cham. https://doi.org/10.1007/978-3-030-33702-5_26
Download citation
DOI: https://doi.org/10.1007/978-3-030-33702-5_26
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-33701-8
Online ISBN: 978-3-030-33702-5
eBook Packages: Computer ScienceComputer Science (R0)